Month: March 2017

Nothing is secure. If someone really wants my information, they can get it.

It’s a truth that will always exist. For every secure system, there’s someone who can break it. Simple as that. Now, let’s get on with the post.

Why should I be concerned?

Everything you do digitally has a fingerprint. Everything from your online shopping habits and your spending to the news you read tells something about you. Based on your social media habits alone, I can estimate (with fairly high accuracy) when you will be home, and where you will be at various times of the day. I know when you’ve had a bad day, I know when you’ve had a good day, and I know when any life event occurs.

You might be thinking: “Well, that’s fine. I have nothing to hide”. That’s where you’re wrong.

Based on that information gathered from social media, I can also discover what foods you like, past online accounts you have had, who you bank with, and even personal things like where your children go to school. I can even use that information to gain access to essentially anything you own. Oh, your security question is your mother’s maiden name? That’s cute. I know that too.

But I’m not the bad guy. I won’t get your phone shut off or re-route your calls to listen in on you. Frankly, I don’t care. I have better things to do with my time. However, there are plenty of people out there who do.

In all honesty, if someone targets you, there isn’t much you can do about it. This post isn’t about that. It’s about doing what you can to protect yourself from general data gathering. If someone breaks down your door with a sledgehammer, your lock isn’t going to cut it, but that doesn’t mean you should forgo locking your front door.

Get a handle on the dumb stuff.

I won’t go into too much detail on these, but be sure you’re confident in them. If you have a question, don’t hesitate to ask in the comments.

Secure your network

Know what your security settings are and what’s on your network. You’d be amazed at how many people have WPS enabled, are using WEP for encryption, or don’t have any security on their wireless whatsoever.

If you don’t know anything about this, Google is your friend. Or just ask your 10-year-old.

Solution:

Disable WPS and use WPA/2 on your wireless network.

Don’t postpone updates

Update all the things. Do you know why your computer is so annoying about updates? Because that update probably contains a fix for a potential security issue. Seriously, this is getting ridiculous.

Solution:

Update your fucking computer/phone/tablet/wifi-connected dildo/etc.

Piracy is bad, mmkay?

Stop being cheap and streaming movies/TV/porn/etc from piracy sources. Oh, you have a Fire Stick running Kodi on it with a few add-ons that let you watch whatever you want? Do you actually know where it’s connecting to? Did you actually write those add-ons and own those servers? I didn’t think so.

This isn’t even taking into account that most of these people who do this either:

A) Read a tutorial online and copy/pasted things that they don’t know anything about.
B) Bought the Fire Stick from someone who could now be using it to sniff your credit card numbers and watch you dance naked in your living room.

Solution:

Just rent the damn movie on iTunes for $3.99.

Use a VPN

Using a VPN is far easier than people think it is. Services like Cloak make it easier by just allowing you to install an app and click a button. There’s not a single reason you can give me for not using a VPN.

What is a VPN?

Your modem talks to your ISP (the people you pay for internet service).

Your ISP talks to the website.

The process reverses to send you what you asked for.

With a VPN, we add an extra layer.

You type in a website.

Your connection is encrypted so that nobody can see what’s there.

Your computer talks to your router and modem.

Your modem talks to your ISP (the people you pay for internet service).

Your VPN decrypts your data and talks to the website.

The process reverses to send you what you asked for.

With a VPN, all your ISP knows is that you sent something to a server. They probably have a good idea that it’s a VPN, but they don’t know anything else about it. They never see the website or what you sent. Even if they’re logging everything you do and selling it to the highest bidder (which they can do legally), it’s completely useless.

We live in a world where the “common folk” hear more and more about cyber attacks. Imagine if the wrong people got ahold of Comcast’s or Time Warner’s full database of logged details. I bet you wouldn’t be okay with that, even if you only check your email.

How?

There are plenty of reputable VPN services out there. No, don’t Google search for “free VPN”. If they’re not charging anything for the product, you’re the product. Spend a couple bucks a month for a quality service. Here are a few I recommend:

There are a ton of others out there. Just be sure to do your research and ignore pricing. Expect it to be around $10/month. The ones I have mentioned also have apps that are insanely simple to use, so you really don’t have any excuses.

Change and use unique passwords

A good rule of thumb is to use different passwords for absolutely everything and try to change them once in a while. For frequently used things, every 6 months is generally fine.

Why? Because if one account is compromised, and you use the same credentials, they all are. If you use the same password for everything, I only need access to one password to log into everything.

I’m sure you’ve heard about at least one security breach where you were asked to change your password. Do you think the people who got your passwords are going to use that username/password combination on just one site? Of course not. You just got yourself tossed on a list that will be used to attempt access to anything that’s targeted.

If you use the same password everywhere, chances are that someone will eventually get ahold of it and use it against you to access a different account entirely.

It’s not as hard as you think it is

Seriously, if my tech-ignorant mother-in-law can do this, you can. Password keychains are the solution.

Services like LastPass and 1Password allow you to create randomized passwords and store those passwords for you. Honestly, I couldn’t even tell you what 98% of my passwords are because I don’t need to know them. Whenever you set a password, all you have to do is save it. If you need to change it, just edit the entry. Hell, most of them already do that for you.
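The reuse problem and the randomized-password fix described above, as an added example (not code from the original post or from LastPass or 1Password). The vault entries, site names and function names are constructed for illustration.

```python
import hashlib
import secrets
import string
from collections import defaultdict

# Constructed sample vault: (site, username, password). Not real credentials.
SAMPLE_VAULT = [
    ("mail.example", "sam", "Summer2017!"),
    ("bank.example", "sam", "Summer2017!"),
    ("shop.example", "sam@mail.example", "Summer2017!"),
    ("forum.example", "sam", "correct-horse-battery"),
]
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def fingerprint(password):
    """In-memory grouping key only (not a storage format for passwords)."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def reuse_groups(vault):
    """Return lists of sites that share one password (groups of 2+ only)."""
    by_hash = defaultdict(list)
    for site, _user, password in vault:
        by_hash[fingerprint(password)].append(site)
    return sorted(sorted(sites) for sites in by_hash.values() if len(sites) > 1)


def exposed_by_breach(vault, breached_site):
    """Other sites that fall if breached_site leaks its stored password."""
    leaked = {fingerprint(p) for s, _u, p in vault if s == breached_site}
    return sorted(s for s, _u, p in vault
                  if s != breached_site and fingerprint(p) in leaked)


def random_password(length=24):
    """Draw each character from the OS CSPRNG via the secrets module."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def rotate_reused(vault):
    """Give every entry in a reuse group its own random password."""
    reused = {site for group in reuse_groups(vault) for site in group}
    return [(s, u, random_password() if s in reused else p) for s, u, p in vault]


if __name__ == "__main__":
    print("mail.example breach exposes:", exposed_by_breach(SAMPLE_VAULT, "mail.example"))
    print("reuse groups after rotation:", reuse_groups(rotate_reused(SAMPLE_VAULT)))
```

With unique passwords, a breach of one site exposes no other entry, which is the whole point of letting the keychain generate them.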

Use 2-factor authentication

What if someone still gets access to your current password? They still can’t get in if you’re using 2FA.

What is 2-factor authentication? Most simply, it’s a way to further prove that you are indeed you. Every time you successfully log into a service that supports 2FA, you’ll be asked to do something such as enter a code that was sent to you in a text message or check your email for a link. This means that even if someone were to access your login credentials, they would have to have access to your phone too.

It’s simple, and it’s secure. More and more services support it, and I can almost guarantee that all of your social media, financial, and email accounts are supported.

Block the bad stuff

Blocking of known ad-trackers and data gathering tools is fairly simple, and can be done directly from your web browser. I’m not going to go too deep into this, but here’s what I recommend:

I often use Zapier to communicate between services, mainly because it offers quite a bit of standardization. Imagine processing a request from one API and passing it onto another. Hell, even just interacting with complex (and sometimes downright ancient) APIs is easier with Zapier.

Today, Zapier officially announced their CLI for building custom Zapier integrations. Why is this awesome? Because as a developer, the last thing I want to have to do is log into a service, and paste my custom code into a little box. Here’s an example:

A client of mine needs to interact with Salesforce from Gravity Forms. If you’ve ever worked with Salesforce’s API, you probably just cringed. For making requests, you have two options: their poorly maintained PHP SOAP library, or their newer REST API that requires directly passing Salesforce queries to it. For receiving them, you have the joy of their XML-based outbound messages. Needless to say, making a Salesforce integration for this client is a nightmare.

First off, Zapier allows both me and the client to interact with Salesforce using pre-defined queries. If I want to search for a value, then do something with that value, it’s just a few clicks away. Seriously, it’s that easy and it allows my client to make small changes on their own without the need to contact me.

What if that request needs some more conditional logic, or needs a loop? Well, that’s going to require either an overly-complicated setup or a custom app. To add the extra functionality to the custom app, I just need to write that bit of functionality into the Zapier zap using JavaScript.

Simple enough, right? Well, sort of. To insert that custom JavaScript or add additional actions, I’ll need to click a million buttons and do a whole lot of writing code into a web-based text field. Not ideal.

That’s where this new Zapier CLI tool shines. I can write my entire custom app directly within the CLI tool, and use version control to make changes. If I need to adjust it, I just pull it down from GitHub, make my changes, and deploy it. No more logging in and clicking. All of my logic is written in JavaScript and I don’t even have to touch a GUI.

Yesterday marked my 2-year anniversary at Rocketgenius. It feels like time flew by, while simultaneously feeling like I have been there forever. I can honestly say that the past 2 years have been the best of my life. Here are my thoughts.

Self-Management Can Be Hard (But Adapting To It Is Awesome)

I was hired as an expert, and I’m treated like one. If I feel something related to my responsibilities is needed, I just do it. There isn’t a lengthy approval process or task delegation for most things. While that’s great 99% of the time, it definitely takes some adjusting. I’m entirely responsible for things that fall under documentation, and choices related to it are up to me to make. When that sort of responsibility exists, it can be hard to appropriately delegate my priorities at times.

This is where communication comes into place. Over the last 2 years, I have learned to understand the strengths and weaknesses of my co-workers. Nearly everyone on the team is a jack-of-all-trades type and the amount of knowledge surrounding me on a daily basis is almost intoxicating. The phrase “I don’t know” simply doesn’t exist. Someone on the team always has the answer or can find it quickly. Many of our skills overlap, but in some areas, I’m expected to be the expert.

When you’re relied on in that sense, you have to be a bit “ballsy”. You have to be outspoken even when you disagree with your bosses and state your case in a convincing way with more than emotion. I’ve always been rather assertive but have learned how to appropriately channel that into a convincing argument. As counter-productive as it sounds, in-office heated arguments help with that quite a bit. If I have an opinion on something ranging from how documentation should be displayed, to my thoughts on a political event, I have to prepare to be challenged (usually by Dave). This breeds a culture of critical thinking that simply can’t be matched, and I couldn’t be more thankful for it.

From Decent Developer to Powerhouse

Over the last 2 years, I’ve gone from considering myself a decent developer to a force to be reckoned with. My skillset has improved on a level that I previously couldn’t imagine.

When you’re working with rock stars, you start to become one. Whether it be due to fear of criticism, exposure to different approaches, or simply a desire to be one of the “cool kids”, surrounding myself with arguably some of the more intelligent people in the WordPress product industry has been immensely beneficial. Rocketgenius has a reputation to uphold of being the gold standard, and you either thrive or become crushed under the pressure.

Everyone on the team has a bit of an elitist mentality (in a good way) and has a natural desire to make ourselves and everyone around us better. The people that surround me have all contributed something over the last 2 years to make me who I am today.

Personal Development Makes Way For Professional Development

I was told when I accepted the position that life comes first, and work should always be more than just a job. A lot of companies try to push a positive culture, but Rocketgenius truly lives by it.

A few days ago, I had an appointment to be at in the morning, so I was going to be a bit later getting into the office than usual. Due to a suggestion from my office-mates, I’ve begun going to the park to work out on my way to the office. When I left the appointment, I was considering skipping my workout to get to the office since I was already a bit later than usual. I thought to myself, “fuck it, if I feel good, I work better” and made my normal pitstop at the park on the way there.

Quite a few companies would look at taking the extra time to exercise in a negative way. Rocketgenius’ company culture sees things a bit differently.

Stress Is Bullshit

Life’s too short to stress over things. In the last 2 years, I’ve learned not to stress about things, but rather just get them done. Worrying about all of the ways something can go wrong isn’t productive in the slightest.

Not long ago, my wife was being sued over an old credit card that we had to max out when we moved up to Virginia but couldn’t pay back. Initially, my jaw dropped and I was a wreck over trying to figure out how to handle the situation. After discussing it a bit, I was able to come to the conclusion that stressing over it just isn’t worth it. Once I was able to reduce my stress levels, I was able to think more clearly and ended up getting the case dropped by fighting it.

Sometimes things may feel like the end of the world. In reality, they’re just a single moment in an overall lifetime.

Confidence Is Awesome

At first, I had reservations about committing code to Gravity Forms if I noticed something. What if I broke something? What if it’s not perfect? Over time I realized that I was hired for a reason and I should have confidence in what I do.

Does that sometimes lead to mistakes? Sure. I can’t count how many times I have broken something on our documentation site or even completely taken it down. If I always waited until everything was flawless and everyone had their input, nothing would ever get finished.

Each project that any of us work on is assigned because we’re the best person for the job. If I can’t be confident in something, nobody else will be.

Perfection Is Great. Results Are Better.

Oftentimes I have an issue with handling things that aren’t perfect. I want everything to always be the absolute best and will constantly tweak things until they’re flawless in my eyes. Maybe it’s the OCD. Maybe it’s how I was brought up. Maybe it’s a combination of both.

About a year ago, I was chatting with Alex (one of the co-founders and original developer of Gravity Forms) at PressNomics. We were talking about a documentation project that I was working on when something he said truly stuck in my mind. He said to just get it done and stop trying to make it perfect. He told me that we have plenty of time to perfect it and it can always be changed later if needed. That conversation is something that comes to mind often and helps me to stop and think about what I need to do, rather than what I want to do.

If we’re releasing a new version of Gravity Forms, I don’t stress about trying to get the perfect usage example for a new hook; I think about it, document what’s needed, and move onto the next thing until I circle back around to it later. There’s no sense in wasting time beating my head against the desk when I could get everything to an 8/10 instead of getting a single thing to a 10/10. I can always make the 8 a 10 later.

Always Have A Side Hustle

While I put Rocketgenius first when it comes to my work time, I’ve learned that having side gigs is important as well. What’s the best way to document something? Use it extensively in practical scenarios.

Regularly, I take freelance Gravity Forms projects on the side. Far too often when working on a custom add-on, I’ll find that something in the documentation might need further clarification or might not exist in an official capacity. When I do, I toss it on a to-do list to better improve our documentation. By finding new and inventive ways to do something I’m able to provide a perspective that may have gone overlooked.

My Job Fucking Rocks

Working at Rocketgenius is amazing. Simple as that. It would be foolish to say that I will be there forever, but I look forward to the next several years continuing to make the top WordPress form management plugin even better.